On Feb 10, 2008 3:28 AM, Eddy Nigg (StartCom Ltd.)
[EMAIL PROTECTED] wrote:
Kyle, even so part of your argument might be correct, you are doing a great
injustice to some of us here, specially to the ones which bother to review
the CAs. Also Frank and Gerv invest quite some time into getting
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
snip
... _I'm requesting
hereby and now to have thorough review of this situation and
reassessment_ of the Mozilla CA policy concerning everything related to
sub-ordinated CAs.
This is a good discussion to have, and I agree
Kyle Hamilton wrote:
However, the process itself is broken. The set of requirements are
broken. The only weapon which can be used -- decertification -- is
never (and will never, based on the Foundation's view of user
convenience as trumping user security) used. This puts Frank into a
Frank Hecker wrote:
Eddy Nigg (StartCom Ltd.) wrote:
snip
... _I'm requesting
hereby and now to have thorough review of this situation and
reassessment_ of the Mozilla CA policy concerning everything related to
sub-ordinated CAs.
This is a good discussion to have, and I agree
Eddy Nigg (StartCom Ltd.) wrote:
Now, I have no clue how this is going to work and perhaps Nelson can
give us some more informationexample: If AddTrust is going to be
upgraded to an EV root, is any sub ordinated CA potentially an EV CA?
I haven't yet looked in detail at the Network
Frank Hecker wrote:
So the bottom line is that if a root CA is approved for EV, its
subordinate CAs do *not* automatically gain the ability to issue EV
certificates. Instead the root CA has to specifically enable a given
subordinate to be EV-capable, by issuing it a CA certificate with the
Eddy Nigg (StartCom Ltd.) wrote:
Kyle Hamilton wrote:
wnip
I have not. I must point out, though, that Frank has essentially
stated that it's impossible to remove an already-vetted CA.
Did Frank say that? I don't think so...
I didn't quite say that, but I can understand why Kyle interpreted
Eddy Nigg (StartCom Ltd.) wrote:
Thanks for this information. However from our (Mozilla) point of view,
the root can sign X CA certificates able to sign EV certificates
(directly and indirectly). The OID requirement is just cosmetically in
respect of the capabilities once a root is marked
Eddy Nigg (StartCom Ltd.) wrote, On 2008-02-10 17:33:
Network Solutions has a server certificate issued by Network Solutions
EV SSL CA. Ever heard of this CA? Well, it's chained like this:
AddTrust External CA Root from Sweden and belongs to Comodo from the
United Kingdom -
9 matches
Mail list logo
